Save-Solaris.ORG

I
am writing to request your assistance in resolving my service request
with Sun Service.

On
April 20th, I read an announcement from the Mozilla
Foundation about serious security vulnerabilities in their web
browser software. As Sun provides the Mozilla browser with its
Solaris operating system, I immediately went to Sun's self-support
portal, SunSolve, to determine whether Sun's version, SUNWmozilla,
was also vulnerable. I was unable to find a current SunAlert security
statement regarding SUNWmozilla. As I have support contracts with
Sun, I then opened service request 64991874 via Sun's Online Service
Center (OSC) requesting information about whether the potential
security problems had been evaluated by Sun. Soon after opening the
case, I received an e-mail from OSC notifying me that support
engineer, Romesh Santhiapillai, was assigned to my case. Two weeks
later, he still had not obtained Engineering's evaluation of the
Mozilla advisory, a temporary patch, or a projection when fixes might
be provided by Sun.

On
August 16th, Sun Service released a patch addressing the
April group of vulnerabilities. Unfortunately, the updated
SUNWmozilla crashes when visiting Yahoo!. Will I have to wait another
four months before Sun fixes this new bug?

Sun has a goal of promptly issuing
SunAlerts as soon as any known security vulnerabilities are known.
Appropriate security fixes/patches are issued promptly as soon as
they are available. We follow this policy this policy for all
products.

I
quoted those words in a 2005 letter to Don Grantham, Executive Vice
President, Sun Services, about a similar issue regarding JDS/Solaris
security vulnerabilities. While I believe his intervention was
helpful in getting that case resolved, he apparently was unable to
implement needed structural reforms. I hope that you will have better
success in assuring that the Engineering and Services team can meet
this basic customer service expectation.